Key Elements of Effective FCPA Remediation: Earning DOJ and SEC's 'High Premium'

By Jonny Frank and Rex Homme
February 27, 2013

The Department of Justice (DOJ) and Securities and Exchange Commission's (SEC) Guide to the U.S. Foreign Corrupt Practices Act (FCPA) demonstrates, if there were any doubt, the importance of timely and effective FCPA remediation. Calling it a “high premium,” the DOJ and SEC explain that FCPA remediation can help an organization avoid criminal prosecution and enforcement proceedings; pay reduced penalties and safeguard brand value; and obviate a government-imposed compliance monitor or independent consultant.

It is not just the organization that is impacted by issues arising from poor internal controls. Board members and senior management face substantial embarrassment and damaged personal reputations. Consider also the career damage to business leaders, ethics and compliance officers and internal auditors.

Effective FCPA remediation adds to the bottom line and should pay for itself many times over. According to a survey conducted by the Economist Intelligence Unit, corporations on average lose 2% of earnings to fraud and corruption, or the equivalent of a full week's work. Roughly 20% of companies lose over 4% of earnings, or the equivalent of two weeks' work, and a quarter of those lose over 10% of earnings. These estimates do not include waste, abuse, fines, investigative and legal fees, or higher insurance premiums. Nor do they capture “soft” costs, e.g., management distraction; lost productivity; talent flight; injured customer and supplier relationships; opportunity loss; and erosion of brand value. The Association of Certified Fraud Examiners Report to the Nations finds that effective antifraud programs cut losses in half, saving most organizations millions of dollars in future losses.

High corruption risk correlates to high fraud risk. Companies doing business in emerging markets face higher than average losses absent effective and proactive antifraud programs and controls. A Dow Jones study concluded that nearly 60% of companies delay or avoid global business opportunities due to concern over fraud and corruption.

Government expectations are rigorous and, no surprise, the bar continues to rise. The most detailed guidance appears in the attachments to DOJ corporate deferred and non-prosecution agreements. See, e.g., U.S. v. Tyco (D.DC September 2012) (non-prosecution agreement) (Tyco); U.S. v. Pfizer (D.DC August 2012) (deferred prosecution). Additional guidance appears in the DOJ Principles of Federal Prosecution of Business Organizations, SEC Enforcement Manual and Chapter 8 of the U.S. Sentencing Guidelines (USSG) and, most recently, the DOJ and SEC FCPA Resource Guide. This article suggests a practical plan for organizations and counsel to meet these expectations.

USSG: Involve Remediation Advisers

The 2011 amendments to the United States Sentencing Guidelines suggest that organizations include professional advisers in their remediation efforts. Remediation is very different from traditional forensic accounting. Remediation experts work in the absence of a specific allegation or suspicion and apply specialized knowledge, skills and training to promote recovery and prevent recurrence.

Select a remediation adviser experienced in working and coordinating with legal teams. While the remediation team should benefit from the findings of the investigation team, thorough and timely remediation processes often require a separate, concurrently retained, focused team. The remediation experts should be knowledgeable about the universe of corruption risks, and be experienced in helping lawyers and organizations to identify root causes of misconduct, conduct anticorruption risk assessments, evaluate entity- and transaction-level controls and perform forensic audits.

Consider also whether the remediation adviser should come from a different firm than the forensic accountants that assisted in the investigation. Does counsel represent management or the board? If retained by management's counsel, the remediation expert works alongside and helps the remediation team conduct a root-cause analysis and implement new policies, procedures and controls. When assisting counsel to the board, the remediation adviser assesses the design and operating effectiveness of remedial measures akin to that of an independent monitor.

Independence and Privilege

Independence is another consideration. An independent third party assessment of the organization's remediation carries more weight with prosecutors and regulators. Also, the remediation team cannot audit its own work. The government will not consider a remediation adviser to be independent if it develops or implements the remediation plan or serves as the client's advocate.

Maintaining the attorney/client privilege is essential if the remediation efforts might uncover other corporate misconduct. Consider forming two attorney-led work streams: one for investigation and another for remediation. Separate teams enable counsel to waive privilege to report on remediation while protecting privilege for the investigation. Separate teams also ensure proper allocation of skill sets and avoid the remediation delays that invariably occur when the investigation team is too busy to focus on remediation. Although the teams will be operating separately, coordination is essential and is best achieved if the remediation team communicates processes and results to the lawyer heading the investigation team to ensure that remediation efforts remain in tune with the investigation findings.

Do Not Delay or Wait Until End of Investigation

Government expectations are clear: Commence remediation immediately. Do not wait until the investigation is complete. It is one thing to assert that the organization will take steps to prevent recurrence; it is quite another to prove that those steps have been identified, considered and put into action, albeit preliminarily, as the investigation progresses.

The DOJ and SEC specifically consider whether an organization remediates promptly in determining whether to file charges or impose a monitor. DOJ policy even allows timely remediation to cure compliance program flaws that gave rise to the misconduct. Even if it cannot avoid prosecution, timely remediation substantially reduces the USSG culpability score, potentially saving millions of dollars in fines and penalties.

Some attorneys and organizations delay remediation until the investigation is complete. This is a mistake. Delay allows for the risk of continued violations, thereby exposing the organization to harsher sanctions and likely imposition of a government compliance monitor or independent consultant. Delay also creates a practical challenge apart from legal implications. Internal investigations are physically, emotionally and financially exhausting: sooner or later, management presses for “closure.” The appetite for remediation is invariably diminished over time, or even lost.

Root Cause Analysis

The “Cressey Fraud Triangle,” named after 1950s criminologist Donald Cressey, provides a useful and simple framework for conducting a root cause analysis in simple matters.

According to Cressey, three conditions exist whenever misconduct occurs: 1) incentive or pressure; 2) opportunity; and 3) rationalization. The analysis thus considers motivation(s) and justification(s) for paying bribes, as well as control gaps that enabled unauthorized use of company assets. The analysis also considers how a “good person” justified the misconduct and whether they feared detection.

Complex or significant misconduct warrants deeper analysis under the COSO Internal Controls Framework or other accepted methodology. COSO is an acronym for the Committee of Sponsoring Organizations of the Treadway Commission. Information about COSO is available at www.coso.org.

The COSO framework is globally recognized as the leading methodology for identifying and mitigating risks relating to financial reporting, compliance and operations. For example, public companies and external auditors use the COSO framework to meet Sarbanes-Oxley requirements regarding assertions and opinions on the effectiveness of controls over financial reporting. Companies can also use COSO to evaluate the effectiveness of anticorruption compliance programs.

The COSO framework is typically depicted as a cube. The front side of the cube is the most relevant to conducting a root cause analysis. It depicts the five basic elements of the internal controls framework: control environment, risk assessment, control activities, information and communication, and monitoring. The root cause analysis should address each of these elements.

Control Environment refers to the corporate culture, including commitment to integrity, “tone at the top,” codes of ethics and conduct, mechanisms to report misconduct, training, etc. The root cause analysis should consider how the control environment may have contributed to bribe paying.

Risk Assessment is “fundamental,” say the DOJ and SEC in the FCPA Resource Guide, to an effective anticorruption ethics and compliance program. The root cause analysis considers the organization's risk assessment process; in particular, whether the organization anticipated the bribe risk and, if not, why not. If the organization did identify the risk, the root cause analysis should consider whether the organization linked the risk to mitigation control activities. Remediation must correct weaknesses or deficiencies in the risk assessment process to ensure that the organization properly anticipates and addresses future risks.

Control Activities
